Alex wrote:
> Just skimming it, it looks pretty good. What work does it still need?

I seem to remember from the discussion last time I posted a version of this
patch was that it was deemed untidy; what it should do instead is move the
function calls out of user.c so that they can be implemented in the crypto
library interface: put variants of these functions in openssl.c and stubs in
gcrypt.c (at least until someone who knows gcrypt well enough can implement
equivalents!)

This would of course leave gcrypt support lagging even further behind
openssl support - last I checked gcrypt couldn't support password-encrypted
private keys either - so finding someone with gcrypt knowledge who could at
least advise would be a definite plus.

I haven't been able to do any of this yet since my requirement at the time
was to Just-Make-It-Work [tm] and I haven't had any time to work on the
project since; all I did do was make the patch apply cleanly against 1.2
and then 1.2.6 but haven't done anything newer. I'm expecting to be able to
update to 1.2.8 "sometime soon" and might be able to clean it up at the same
time but I don't have any crypto knowledge and can't provide any kind of
timescale.

Of course, if the value of not needing the public key appeals to some other
kind developer with a bit more time to finish it off, please feel free!
Otherwise I certainly plan to post the cleaned patch when I've done it with
the hope that it'll get committed, perhaps prompting further additions and
enhancements?

On a sidenote, since I didn't post this as part of 2WoO: I use SFTP upload
both from Win32 and linux for log backup purposes as part of a PCI solution,
including realtime extraction of data from IIS, EventLog and MSSQL trace on
Win32, although the latter still needs some work.